September 20th, 2011, 05:39 PM
Password Management Suggestions
I work for a small web design company and we are looking for a better way to store all of our logins. We currently store them in KeePass in a local server that we all have access to.
The problem is that when someone leaves our company, we need to change every client's login info, since the employee leaving can easily make a local copy of the KeePass file which contains all of the logins.
We have WordPress, Facebook, Twitter, Godaddy, and many more logins for several hundred clients and it would take days to change the passwords for everything.
I thought about only having the sysadmin control the passwords but people would be bothering him constantly for login information.
TL;DR We need a way to store our passwords without having to update it every time an employee leaves the company.
September 20th, 2011, 06:49 PM
First I would introduce some concept of limited access - ie: only giving employees access to the account details they actually need to do their job.
One pretty secure approach would be to use a proxy server that substitutes your passwords into outgoing HTTP requests. For example, if someone is logging into godaddy they could type "###godaddy-clientname###" into the password field and the proxy server could automatically perform the substitution. Obviously you would not want to do this for inbound data.